路由编写及自定义认证
总的来说这周的进度还是可以的,基本完成了后台功能,虽然还没有配合前端进行调试,但后台运行正常,且正确反馈消息
# -*- coding: utf-8 -*-
from flask import Blueprint,Flask,render_template,session,redirect
from flask import url_for,flash,request,make_response,jsonify,escape
from flask_sqlalchemy import SQLAlchemy
import configparser
import mysql.connector
from flask_login import LoginManager,UserMixin,login_required,login_user,logout_user,user_logged_in,current_user
import login
import os
import flask_login
from wtforms import StringField,SubmitField,PasswordField
from wtforms.validators import Required
from flask_wtf import FlaskForm
import json
import re
import datetime
from flask_migrate import Migrate,MigrateCommand
from flask_script import Manager
#---------------------------------------------------------------------------------------------------
#---------------------------------------------------------------------------------------------------
#-----------------------------------------常量声明---------------------------------------------------
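# Database settings are read from an INI file so that credentials stay out of
# the source tree.
# NOTE(review): the path is absolute and machine-specific. ConfigParser.read()
# silently skips a file it cannot open, so a wrong path only surfaces at the
# first cf.get() below.
cf = configparser.ConfigParser()
cf.read('D:/mcc/Github/mcc/python/Flask/T1/conf.ini', encoding='utf-8')
NAME = cf.get('db', 'NAME')
PASSWORD = cf.get('db', 'PASSWORD')
IPADDR = cf.get('db', 'IPADDR')
DATABASE = cf.get('db', 'DATABASE')

app = Flask(__name__)
# NOTE(review): the signing key is regenerated on every import, so it differs
# after each restart and between worker processes; session and remember-me
# cookies issued under an earlier key stop validating. A deployment normally
# loads one stable, secret value from configuration instead.
app.config['SECRET_KEY'] = os.urandom(24)
# NOTE(review): the credentials are interpolated verbatim; a password that
# contains '@', '/' or ':' must be percent-encoded to survive URI parsing.
app.config['SQLALCHEMY_DATABASE_URI'] = (
    'mysql+mysqlconnector://%s:%s@%s/%s' % (NAME, PASSWORD, IPADDR, DATABASE)
)
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = True
db = SQLAlchemy(app)
manager = Manager(app)

# LoginManager(app) already binds the extension to the app, so the repeated
# __init__(app) / init_app(app) calls of the original were redundant and have
# been dropped.
login_manager = LoginManager(app)
login_manager.session_protection = 'strong'
login_manager.login_view = 'login'

# Canned JSON bodies returned by the views. 'StatusCode' is a field of the
# body only: jsonify() still answers with HTTP 200 unless the view passes an
# explicit status code.
aft_dic200 = {'StatusCode': 200, 'info': '允许访问'}
aft_dic404 = {'StatusCode': 404, 'info': '页面错误'}
aft_dic500 = {'StatusCode': 500, 'info': '拒绝访问'}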
#---------------------------------------------------------------------------------------------------
#---------------------------------------------------------------------------------------------------
#-----------------------------------------类声明-----------------------------------------------------
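class Login_Form(FlaskForm):
    """Username/password form used by the login and register views."""

    username = StringField('username', validators=[Required()])
    password = PasswordField('password', validators=[Required()])
    submit = SubmitField('Login')

    def mcc_validate(self):
        """Return True only when both fields carry non-empty submitted data.

        The bound field objects are always truthy, so testing
        ``self.username`` directly (as the original did) accepted every
        request; the check has to look at ``.data``.

        NOTE(review): this method does not call FlaskForm.validate_on_submit(),
        so for callers that rely on it alone the declared validators and the
        Flask-WTF CSRF token check never run.
        """
        return bool(self.username.data) and bool(self.password.data)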
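class User(UserMixin, db.Model):
    """Account row; also the object Flask-Login exposes as ``current_user``."""

    __tablename__ = 'user'
    __table_args__ = {'mysql_charset': 'utf8'}

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    name = db.Column(db.String(30), unique=True)
    # NOTE(review): elsewhere in this file the submitted password is written
    # to this column unchanged and compared verbatim, i.e. it is stored in
    # clear text. A salted password hash does not fit in 30 characters, so
    # moving to hashes needs a schema migration. unique=True additionally makes
    # an insert fail when another account already uses the same password.
    password = db.Column(db.String(30), unique=True)
    email = db.Column(db.String(30), unique=True)
    # Privilege level; this file seeds 2 for 'root' and 1 for registered users.
    pri = db.Column(db.Integer, unique=False)
    articles = db.relationship('Article', backref='user')

    def get_id(self):
        """Return the primary key as a string, the form Flask-Login stores."""
        return str(self.id)

    # The views in this file read ``current_user.is_authenticated`` without
    # calling it, so these flags must be properties. The original defined them
    # as plain methods (is_authenticated even returned False); a bound method
    # is always truthy, which hid that bug and would have made
    # ``current_user.is_anonymous`` truthy for logged-in users.
    @property
    def is_authenticated(self):
        """A User loaded from the database represents a logged-in account."""
        return True

    @property
    def is_active(self):
        """Every account is treated as active; there is no disable flag."""
        return True

    def is_actice(self):
        """Misspelled legacy name of ``is_active``; kept for existing callers."""
        return True

    @property
    def is_anonymous(self):
        """Real accounts are never anonymous."""
        return False

    def is_admin(self):
        """Return True for the account named 'root'."""
        return self.name == 'root'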
class Article(UserMixin, db.Model):
    """Blog post row, linked to its author through ``user.name``."""

    # NOTE(review): UserMixin is inherited here although nothing in this file
    # logs in as an Article - confirm whether it is needed.
    __tablename__ = 'article'
    __table_args__ = {'mysql_charset': 'utf8'}

    id = db.Column(db.Integer, primary_key=True, autoincrement=True)
    # Author, stored as the user's name (foreign key to user.name).
    writer = db.Column(db.String(30), db.ForeignKey('user.name'))
    title = db.Column(db.String(30))
    # Body text of the post; may be NULL.
    article = db.Column(db.Text, nullable=True)
    date = db.Column(db.DateTime)
#---------------------------------------------------------------------------------------------------
#---------------------------------------------------------------------------------------------------
#-----------------------------------------函数声明---------------------------------------------------
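def db_user_auth(name, password):
    """Return True when *name* exists and *password* equals the stored value.

    A missing account, a missing stored password or a missing submitted
    password all yield False, so two ``None`` values can no longer compare
    equal and authenticate.

    NOTE(review): the stored value is the password itself, not a hash (see
    db_user_push). The constant-time comparison below only removes the timing
    signal; it does not make clear-text storage acceptable.
    """
    import hmac  # function-scope import: the module header does not import hmac

    user = User.query.filter_by(name=name).first()
    if user is None or user.password is None or password is None:
        return False
    # compare_digest takes time independent of where the first mismatch is.
    # Encoding to bytes is required because it rejects non-ASCII str input.
    return hmac.compare_digest(
        str(password).encode('utf-8'),
        str(user.password).encode('utf-8'),
    )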
def db_article_auth(title):
    """Return True when an article with exactly this *title* is stored."""
    match = Article.query.filter_by(title=title).first()
    return match is not None
def db_user_push(dic):
    """Insert a new user built from *dic*; return False if the name is taken.

    *dic* must provide the keys 'name', 'password', 'email' and 'pri'.

    NOTE(review): the password is written exactly as received, so the table
    holds clear-text passwords. A failing commit (for example a unique
    constraint on password or email) propagates without a rollback.
    """
    if User.query.filter_by(name=dic['name']).first() is not None:
        return False

    account = User()
    for column in ('name', 'password', 'email', 'pri'):
        setattr(account, column, dic[column])
    db.session.add(account)
    db.session.commit()
    return True
def db_article_push(dic):
    """Insert a new article built from *dic*; return False if the title exists.

    *dic* must provide the keys 'title', 'writer', 'date' and 'article'.
    An existing article with the same title is left untouched.
    """
    if Article.query.filter_by(title=dic['title']).first() is not None:
        return False

    post = Article()
    for column in ('title', 'writer', 'date', 'article'):
        setattr(post, column, dic[column])
    db.session.add(post)
    db.session.commit()
    return True
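def json_load():
    """Parse the current request body as a JSON object and return it as a dict.

    The original called ``json.load`` (which expects a file object) on the raw
    bytes and therefore always raised. The body is attacker-controlled, so a
    malformed document or a JSON value that is not an object yields an empty
    dict instead of an unhandled exception; callers then take their
    "missing key" branch.

    NOTE(review): the body is parsed whatever its Content-Type is, and there
    is no size limit here - confirm the deployment caps the request size.
    """
    raw_body = request.get_data()
    try:
        parsed = json.loads(raw_body)
    except (TypeError, ValueError):
        # ValueError covers both invalid JSON and undecodable bytes.
        mcc_print('request body is not valid JSON')
        return {}
    if not isinstance(parsed, dict):
        return {}
    return parsed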
def form_analysis(form):
    """Extract the credentials from *form*, or return None when unusable.

    Returns a dict with the keys 'username' and 'password' when the form
    passes ``mcc_validate()`` and the request is a POST. Otherwise the reason
    is logged and None is returned.
    """
    if not form.mcc_validate():
        mcc_print('表单未填写完整')
        return None
    if request.method != 'POST':
        mcc_print('请求方式错误')
        return None
    return {
        'username': form.username.data,
        'password': form.password.data,
    }
def blog_article_get(id):
    """Placeholder for fetching an article by id; not implemented yet.

    Always returns None and ignores *id*.
    """
    return None
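def mail_auth(mail):
    """Return True when *mail* has the shape ``local@domain``.

    Each side is one to five dot-separated labels made of ASCII letters,
    digits, '_' or '-'. This is a shape check only: it does not prove that the
    address exists or belongs to the user.

    The original matched the pattern against itself instead of *mail* (and
    shadowed the builtin ``str``), so it rejected every address. ``fullmatch``
    is used so that a trailing newline, which ``$`` would tolerate, is
    rejected as well. Non-string input returns False.
    """
    if not isinstance(mail, str):
        return False
    label = r'[a-zA-Z0-9_-]+'
    dotted = label + r'(\.' + label + r'){0,4}'
    return re.fullmatch(dotted + '@' + dotted, mail) is not None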
def mcc_print(info):
    """Write *info* to the Flask application logger at INFO level."""
    logger = app.logger
    logger.info(info)
def db_init():
    """Create all tables and make sure the 'root' account exists.

    NOTE(review): the administrator is seeded with the fixed, well-known
    password 'root', and is_admin() grants admin rights by that account name.
    Any deployment that keeps this seed has a guessable admin login; the
    initial secret should come from outside the source and be rotated at
    first use.
    """
    db.create_all()
    # db_user_push() is a no-op when a user named 'root' already exists.
    root_account = {
        'name': 'root',
        'password': 'root',
        'email': None,
        'pri': 2,
    }
    db_user_push(root_account)
# Runs at import time: every process that imports this module creates the
# tables and attempts to seed the root account before serving a request.
db_init()
# Register Flask-Migrate and expose its commands as "db" on the script manager.
migrate=Migrate(app,db)
manager.add_command('db',MigrateCommand)
#---------------------------------------------------------------------------------------------------
#---------------------------------------------------------------------------------------------------
#---------------------------------------------路由---------------------------------------------------
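@login_manager.user_loader
def load_user(id):
    """Resolve the id kept in the session to a User, or None if it is unusable.

    The id comes from the client-held session, so a value that is not an
    integer is answered with None (treated as "not logged in") instead of
    raising ValueError inside every request.
    """
    try:
        user_pk = int(id)
    except (TypeError, ValueError):
        return None
    return User.query.get(user_pk)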
@login_manager.unauthorized_handler
def unauthorized():
    """Show the login page to a visitor rejected by ``login_required``.

    The rendered page is returned without an explicit status code, so the
    client receives it as a normal 200 response.
    """
    login_page = render_template("login.html")
    return login_page
@app.route('/')
def main():
    """Serve the login page at the site root."""
    landing_page = render_template('login.html')
    return landing_page
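@app.route('/register', methods=('POST', 'GET'))
def register():
    """Create an account from the posted username/password form.

    Fixes over the original:
    * every path now returns a response (the original returned None, which
      Flask rejects as an invalid view result);
    * "already registered" is decided by the user name, through the result of
      db_user_push(), instead of by db_user_auth(), which only matched when
      the submitted password was also the stored one.

    The privilege level is fixed to 1 on the server; nothing from the request
    can raise it.

    NOTE(review): the password is stored as submitted (clear text), and only
    mcc_validate() is called, so no CSRF token is checked here.
    """
    if current_user.is_authenticated:
        mcc_print('已通过认证,请注销后再进行注册')
        return jsonify(aft_dic500)
    if request.method != 'POST':
        mcc_print('请求方式错误')
        return jsonify(aft_dic500)

    form = Login_Form()
    if not form.mcc_validate():
        mcc_print('注册表单未填写完整')
        return jsonify(aft_dic500)

    new_account = {
        'name': form.username.data,
        'password': form.password.data,
        'email': None,
        'pri': 1,
    }
    # db_user_push() returns False when the name is already taken.
    if db_user_push(new_account):
        return jsonify(aft_dic200)
    mcc_print('账户已被注册')
    return jsonify(aft_dic500)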
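@app.route('/login', methods=('POST', 'GET'))
def login():
    """Authenticate the posted credentials and start a Flask-Login session.

    Returns the aft_dic200 body on success (or when already logged in) and
    the aft_dic500 body otherwise.

    Fix over the original: the password is no longer copied into ``session``.
    With Flask's default cookie-backed session the data is signed but not
    encrypted, so the clear-text password travelled to the browser with every
    response and was readable by anything that could read the cookie.

    The unreachable "validate fail" branch was removed: form_analysis() only
    returns a dict for POST requests. Commented-out code was dropped.

    NOTE(review): the comparison is against a clear-text stored password, and
    nothing limits repeated attempts. The view name also shadows the
    module-level ``import login``.
    """
    if current_user.is_authenticated:
        mcc_print("you are authenticated")
        return jsonify(aft_dic200)

    dic = form_analysis(Login_Form())
    if dic is None:
        mcc_print('the dic is empty')
        return jsonify(aft_dic500)

    username = dic['username']
    password = dic['password']
    user = User.query.filter_by(name=username).first()
    if user is None or password != user.password:
        # Same answer for "no such user" and "wrong password".
        mcc_print("authenticate fail")
        return jsonify(aft_dic500)

    session["username"] = username
    # Second argument is remember=True: a long-lived remember cookie is set.
    login_user(user, True)
    return jsonify(aft_dic200)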
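@app.route('/logout', methods=('POST', 'GET'))
def logout():
    """End the current login session.

    Besides logout_user(), the keys that the login view places in ``session``
    ("username" and "password") are removed, so no credential material
    outlives the logout in the session cookie.
    """
    if not current_user.is_authenticated:
        mcc_print('您还未登陆。无法注销')
        return jsonify(aft_dic500)

    logout_user()
    session.pop("username", None)
    session.pop("password", None)
    return jsonify(aft_dic200)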
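@app.route('/blog_article_r', methods=('POST', 'GET'))
def blog_article_r():
    """Return one article, looked up by the 'title' key of the JSON body.

    The caller must be logged in and hold a privilege level at least as high
    as the article's author.

    Fixes over the original:
    * anonymous callers are rejected up front (the privilege comparison read
      ``current_user.pri``, which an anonymous user does not have);
    * ``dict.has_key`` does not exist on Python 3; ``in`` is used;
    * the author lookup lacked ``.first()`` and so compared against a query
      object;
    * the response read ``article.name`` / ``article.datetime``, which are not
      columns of Article (``writer`` / ``date`` are);
    * the three log messages were attached to the wrong branches, and one
      branch returned the bare dict instead of a JSON response;
    * the response is built from stored data only; the request body is no
      longer echoed back.

    "Not found" and "not allowed" deliberately share the aft_dic404 body, so
    the answer does not reveal whether a restricted title exists.
    """
    if not current_user.is_authenticated:
        mcc_print('匿名用户,拒绝访问')
        return jsonify(aft_dic500)

    dic = json_load()
    if not isinstance(dic, dict) or 'title' not in dic:
        mcc_print('缺少标题')
        return jsonify(aft_dic404)

    article = Article.query.filter_by(title=dic['title']).first()
    if article is None:
        mcc_print('数据库中不存在该文章')
        return jsonify(aft_dic404)

    owner = User.query.filter_by(name=article.writer).first()
    # Fail closed when the author row is missing.
    if owner is None or not (current_user.pri >= owner.pri):
        mcc_print('权限不足')
        return jsonify(aft_dic404)

    return jsonify({
        'title': article.title,
        'article': article.article,
        'writer': article.writer,
        'date': article.date,
        'StatusCode': 200,
        'info': 'success',
    })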
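@app.route('/blog_article_w', methods=('POST', 'GET'))
def blog_article_w():
    """Store a new article from the JSON keys 'title' and 'article'.

    The author is always the logged-in user; a 'writer' value sent by the
    client is overwritten.

    Fixes over the original:
    * ``dict.has_key`` does not exist on Python 3; ``in`` is used;
    * the date was set to the ``datetime.datetime`` class itself instead of a
      timestamp;
    * the result of db_article_push() was ignored, so a duplicate title was
      reported as success although nothing was stored.

    NOTE(review): this state-changing route also accepts GET and checks no
    CSRF token - confirm a CSRF defence exists in front of it.
    """
    if not current_user.is_authenticated:
        mcc_print('匿名用户,拒绝访问')
        return jsonify(aft_dic500)

    dic = json_load()
    if not isinstance(dic, dict) or 'title' not in dic or 'article' not in dic:
        mcc_print('article title is empty')
        return jsonify(aft_dic404)
    if not dic['article']:
        mcc_print('article data is empty')
        return jsonify(aft_dic404)

    dic['writer'] = current_user.name
    dic['date'] = datetime.datetime.now()
    if not db_article_push(dic):
        mcc_print('article title already exists')
        return jsonify(aft_dic404)
    return jsonify(aft_dic200)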
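@app.route('/blog_article_m', methods=('POST', 'GET'))
def blog_article_m():
    """Replace the text of an existing article, identified by its title.

    Only the article's author or an admin may modify it.

    Fixes over the original:
    * anonymous callers are rejected up front (``is_admin()`` and ``name`` do
      not exist on an anonymous user);
    * ``dict.has_key`` does not exist on Python 3; ``in`` is used;
    * the author lookup lacked ``.first()``; ownership is now checked directly
      against ``article.writer``;
    * the change was sent through db_article_push(), which refuses existing
      titles, so nothing was ever modified while success was reported. The
      stored row is now updated in place;
    * the date was set to the ``datetime.datetime`` class instead of a
      timestamp.

    The stored author is left unchanged, so an edit by an admin does not take
    the article away from its owner.

    NOTE(review): this state-changing route also accepts GET and checks no
    CSRF token - confirm a CSRF defence exists in front of it.
    """
    if not current_user.is_authenticated:
        mcc_print('匿名用户,拒绝访问')
        return jsonify(aft_dic500)

    dic = json_load()
    if not isinstance(dic, dict) or 'title' not in dic or 'article' not in dic:
        mcc_print('the title is empty')
        return jsonify(aft_dic500)

    article = Article.query.filter_by(title=dic['title']).first()
    if article is None:
        mcc_print('请求的文章不存在')
        return jsonify(aft_dic404)

    if not (current_user.is_admin() or current_user.name == article.writer):
        return jsonify(aft_dic404)

    if not dic['article']:
        mcc_print('article data is empty')
        return jsonify(aft_dic404)

    article.article = dic['article']
    article.date = datetime.datetime.now()
    db.session.commit()
    return jsonify(aft_dic200)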
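@app.route('/test')
@login_required
def test():
    """Render the index page for logged-in users only.

    Decorator order matters: ``app.route`` registers whatever function it
    receives. With ``login_required`` written above it (as in the original),
    the unprotected function was registered and the page was reachable
    without logging in. ``app.route`` must be the outermost decorator.
    """
    return render_template('ForWindowsIndex.html')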
# Script entry point: hand control to Flask-Script, which dispatches the
# command-line sub-commands registered on the manager (including "db").
if __name__ == '__main__':
    manager.run()
总结:虽然还没有采用蓝图框架,但自己还是按照逻辑对各部分进行了分类,实现了前后台的分离。还没有加入Email认证,准备以后慢慢加。最近考试比较多,可能无法及时更新博文了。